Tuesday, March 29, 2016

Avoid or Mitigate Ransomware Risks


A big THANK YOU to the Emerging Threats Team at SophosLabs and their blog Naked Security for their excellent recommendations on this nasty but important topic.

I have taken the liberty to add some remarks just to help you remember important little details that are easy to forget in cursive.
  • Backup regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won�t have to worry about the backup device falling into the wrong hands.

    But do not, I repeat, do not leave your backup device connected to the computer. Always unplug the backup device after the backup is complete!

     
  • Don�t enable macros in document attachments received via email. Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so don�t do it!

    Naturally they don't tell you that the click they ask you to do will turn macros back on. They rather trick you into believing that clicking is the thing to do to be able to read what they sent you...

     
  • Be cautious about unsolicited attachments. The crooks are relying on the dilemma that you shouldn�t open a document until you are sure it�s the one you want, but you can�t tell if it�s the one you want until you open it. If in doubt, leave it out.

    Currently I do not open ANY attachments; I call the sender and have them explain what and why they sent the attachment and even if all that checks out I additionally check the attachment on
    Virus Total
     
  • Don�t give yourself more login power than you need. Most importantly, don�t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other �regular work� activities while you have administrator rights.

    Quite a lofty ideal as I am currently experiencing first hand.

     
  • Consider installing the Microsoft Office viewers. These viewer applications let you see what documents look like without opening them in Word or Excel itself. In particular, the viewer software doesn�t support macros at all, so you can�t enable macros by mistake!

    Now is a good suggestion, I will have to do that!

     
  • Patch early, patch often. Malware that doesn�t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit.

    As I always preach: Update, update, update.
That is it; certainly to a large part common sense but here it is, nicely packaged and in one place.

Stay safe!

Monday, March 28, 2016

Ransomware - A Current Example


Please take a close look at this cut out grabbed diectly off my screen:

From the top the red frames are around:
  1. The virus infected scam email in the message list
  2. The totally unprofessionally empty subject line.
    [Bulk] is from my ISP telling me that this email was sent  from a server that is known to send out spam
    FW: tells me that the email was forwarded
  3. Addressing me with "ejheinze" shows that the sender does not even know my first name;
    ejheinze is the part of my email address before the @ character
  4. A totally unprofessional signature
  5. .zip is one of the potentially dangerous file types 
Do I really need to comment? Yes? Okay, here we go:
  1. Hm, no subject and I don't know a Jodie M and Comcast in her email address? I have no business at all with Comcast.
  2. Unprofessional and bordering on rude.
  3. Totally unprofessional and in a primitive way impolite.
  4. From Comcast I would at least expect some sort of company logo or an avatar.
  5. I wonder what might be in there...
    but with all the above I DO NOT CLICK on the attachment!
Instead I save the attached file and submit it to Virus Total (Wikipedia). And the "success" confirms my suspicion. 17 out of  58 anti virus programs flag the file as infected. See for yourself:
The rest was simple:
Delete the email which deletes the attachment as well.
Delete the file from the computer and
Empty Recycle Bin, just to be sure.

Remember: NEVER, EVER click on an email attachment unless you have verified it's legitimacy with the sender.

Stay safe.



Sunday, March 27, 2016

Spybot Anti Beacon - A Must Have?


If privacy of your data and files is to you as important as it is for me than the answer to the title question on Windows 7 and above is YES, clear and loud.

Let me explain: SpyBot Anti Beacon is a relatively new utility that can reliably turn off most of Windows 10's unwelcome behavior. Many others besides myself think of as being spied at. Whether Micro$oft calls this telemetry or whatever, I feel spied at.

If you want to know why I call Windows 10 a masterpiece of data collection and judge it's telemetry as for me unwanted spying please read this article originally written in October 2012 after Windows 8 was available. And I repeated the IMHO main reason in the context of Windows 10 quite recently.

If you want to try SB Anti Beacon (SBAB) please keep in mind this is professionally made but it is a FREE program; free as in free beer, that is you do not have to pay for it. This has consequences; not everything is as automatic as you might have come to expect from good programs. The main program window has four tabs for four different functions or info screens. I recommend to read the Frequently Asked Questions in tab #4 but will shortly describe what I do in tabs #1 and #2 (usage instructions).

In tab #1 I want ALL the entries to be green, that is all the spying turned off. So I just click the Immunize button at the bottom of the page.

In tab #2 I want as well all entries to be turned off but the page is differently organized. For every entry I have to click on the Apply button immediately above the entry. And especially on laptops and other (mainly smaller) wide screens I have to realize that in tab #2 the program windows has a scroll bar! I need to use it to uncover the last entry or entries on that tab's page.

Here are some visual examples from the only Windows 10 system I currently have available which happens to be a laptop:
Tab #1 BEFORE and AFTER "Immunize"
Tab #2 BEFORE and AFTER "Apply"
Please see that the scroll bar in the pictures of tab #2 is in a different positions.

Just an hour ago I made an interesting observation: After installing updates from Windows Update I checked the Win 7 system I write this on and there was one new telemetry entry in each of the tabs. That shows that Micro$oft at least for now will keep bringing telemetry from Windows 10 back to Windows 7 and 8!

That is why I say to you:  If you are willing to use SpyBot's Anti Beacon and to take on this additional check after EVERY update from Micro$oft (whether the updates were automatically applied or you checked and installed them manually) then you can rest fairly assured that Micro$oft will not collect data from your computer and about your computing habits.

As usual, stay safe.

Wednesday, March 23, 2016

2016-03-24 WBKV Talking Points


Today nothing but viruses, malware and currently acute dangers.
  • Ransomware (so far mainly from infectious MS-Office documents)
    Record ransom paid; 17 million US$ 
     -  -
  • now infectious advertisements on BIG company web sites with 100s of millions of visitors every day:
    - -
    New York Times (nyt.com)
    AOL.com
    ESPN.com
    MSN.com (MicroSoft Network)
    NFL.com (yes, National Football League)
    TheWeatherNetwork.com
    TheHill.com
    Yahoo.com  and many more.
I feel like a prayer wheel:
   If you see advertisements in your web browser your computer is at risk!

Firefox web browser with Adblock Plus and WOT are the browser protections you should use!

No, not Goggle Chrome, Safari or Edge or Internet Explorer!

Monday, March 21, 2016

Norton Software IS RISKY!


For years I recommend to my customers and on my radio shows to stay away from so called "security products" from the big names like Norton, McAfee, Trend Micro and many others.

The makers of the Norton branded software is a company called Symantec.

Here is revealing and interesting article about Symantec and some of the major security problems in some of their software.

If you want to entrust the security of your computer to Norton software be my guest. I don't mind at all to clean up the mess.

Stay safe!

Credit cards ARE a risk factor...


.., especially if last year you used them at Target or Home Depot.

Home Depot so far shelled out $19.5 million and they are still counting.

More details are here.

Personally I always cringe when I see someone paying everyday smaller mounts with a credit card, be it at Starbucks, McDonald or anywhere else.

Disclaimer: I am hardly ever at McDonald and if at all I pay with cash!

Stay safe!

New Dangers And Bad News


You may already have heard of ransomware, the newest trick of the bad guys to get at your money.

If you have not here is a VERY SHORT explanation: A ransomware virus encrypts all your data files, that is in effect makes them unusable and unreadable. After the encryption is done you have to pay money to the crooks do get instructions and a "decryption key"; if the instructions and the decryption key work correctly as they should you get your data back but sometimes it does not work. Your data is held for ransom, hence the name.

So far the highest amount reportedly paid by a large California based medical organization was 17 million dollars.

Very recently the web sites of a whole lot of well known and big organizations got abused to show advertisements infected with ransomware. Some of the affected web sites were:
  • msn.com
  • nytimes.com
  • aol.com
  • nfl.com
  • theweathernetwork.com
  • thehill.com
  • zerohedge.com 
and many more. These sites have millions of daily visitors! If you are interested you can read more details here.

I can not say it often and loud enough:
If you see advertisements on the Internet your web browser and thus your computer are NOT SAFE at all! Fire your current technician and call me or send me an email!
When I leave a customer's house they ALL have a safely set up web browser that should not show ANY of these commercially distributed advertisements.

Stay safe.

Saturday, March 19, 2016

Skype Users Be Warned



If you use Skype PLEASE read through this article about two conversations triggered by Skype friend requests. I will let that speak for itself.

For the less geeky of my readers, a spam bot is program or robot programmed to "have a conversation".

You are warned.

Stay safe.

Wednesday, March 9, 2016

2016-03-10 WBKV Talking Points


Part 2: Stay Safe on the Internet

Be aware that trustworthy companies, especially Microsoft and it�s affiliates, will never contact you because of a supposed technical problem of any kind.
The following will definitely be scams:
  • Phone calls
  • Advertisements for technical support for any software product on search engines like Google, Yahoo or Bing
  • Pop-ups for tech support from social web sites (Facebook! or LinkedIn)
  • Pop-ups for tech support that promote phone based tech; these usually require a previous malware infection or an unsafe web browser.
Scam avoidance 101:
  1. Never completely trust someone you don�t know who called you.
    Listen to them, if you like.
  2. Ask questions, if you feel like it, but NEVER EVER give them access to your PC
  3. NEVER EVER give them any payment information.
  4. Tell them that you will let your local tech look into it (even if you don�t have one).
  5. If the caller hangs up � good for you.
  6. If he/she gets impolite or abusive it�s your time to hang up!
Afraid of a real problem? Do the research yourself or contact a trusted tech support person.

Chances are there�s nothing to see at all.

If you have handed over payment information, you�ve just given that information to a complete stranger. Immediately put your credit card or payment provider on fraud alert. If you allowed the scammer to access your computer things can get ugly. Do NOT use the computer; you usually have no idea what they did. You need a trusted technician to check out your machine.
This IS a common scam right now and the best defense is to not fall for it in the first place.

Another currently growing threat: MS-Word, Excel or Powerpoint files sent as attachments! When these files are opened you mostly see the request �... to turn protection on ...� or similar tricks. Don�t do it, don't believe it, it's a trick!  Many very nasty ransomware viruses use this trick! If you do not have a current backup YOU PAY! You either pay the crooks to get your files back and/or a trusted technician to re-build all the software on your computer.  And if you don't have install disks for Windows  - b.t.w. they do NOT come with computers any longer - you have even more problems.

Stay safe.

Wrong, Every Step She Took Wrong


Original text of email I got from a long ago customer:
Recently our Microsoft Essentials "little house"  has been erratic in its stability.  We have done full scans and quick scans with it staying green for a short period of time changing to orange and then eventually to red.

I googled this question and received an answer that Microsoft is not updating this since last year - so the definitions are not really up to date.  Is this true?
It was suggested that I get AVG Anti Virus which is Free.  I did do this and it  appears to be doing the job with the green circles, etc. 

On that same page there is a area where I can check to "fix performance".  It is a PC Analyzer - After doing this, the report was: many errors in various areas and they said it could be fixed for fee/one time and/or I could get a program for 1 year.  I would not need one for one year but I would like take advantage of the free analyzing of this performance.  Do you think I should do this and is AVG a good solution if indeed Microsoft has stopped updating?

... [I] realize we will have to update to windows 10 when they force us to do so.  If we do not do this will they charge us?
 And here is the original text of my reply, please judge for yourself:
Thanks for asking. If you remember I do not express myself politically correct so please brace yourself for some rough truths:
  • The "little house" you refer to represents Microsoft Security Essentials which was your anti virus program until you installed AVG.
  • ANY anomaly with your anti virus should have rang a LOUD alarm bell.
  • If it has not updated since last year your computer potentially was not protected against common viruses.
  • AVG is a program that I urge my customers to stay away from!
  • It installs really crappy programs, that is how AVG (the company) makes money nowadays.
  • PC Analyzer IMHO is known malware.
  • I bet you that almost ALL the errors that you get shown are false messages meant to scare you into installing even more useless programs.
  • Keep going with these silly suggestions and soon your computer will likely not be usable any longer.
  • No, DO NOT take "advantage" of the "free" solution that you mention, it will make it only worse.
I believe I still could fix the situation and hopefully repair your computer. I guarantee that the free solution will not work to your satisfaction. 
The question about "they" ( I assume you mean Microsoft?) charging you only Microsoft can answer and they, MS, has been asked the same thing thousands of times; so far MS has only replied with marketing blah-blah; we just do not know. My personal suspicion is yes, no later than January 2020 when in MS's view Windows 7 comes to the end of it's supported lifetime.
In case my replies offended you I apologize, that was and is not my intention at all.
For my readers here: No further comment from my side; please come to your own conclusion and PLEASE, don't make similar or the same mistakes.

Stay safe.
 

Old Scam - New Clothes

A scammer from India came up with a new twist of an old ruse.  Look at this screen shot of the offending email as shown in my email program:...